Suspicious process running under <user id>
Hi,
Most of our clients use WordPress for their websites. We have received the notification below:
When we check, it points to the hostname wordpress.org. We have many clients who receive alerts like this. Is there any way to add it to lfd in bulk? Please advise. Thanks.
Network connections by the process (if any):
tcp: 42.10.xxx.xxx:55395 -> 66.155.40.186:443
Files open by the process (if any):
Memory maps by the process (if any):
00400000-00d0d000 r-xp 00000000 ca:01 17827637 /usr/bin/php
00f0c000-00fd1000 rw-p 0090c000 ca:01 17827637 /usr/bin/php
00fd1000-00ff4000 rw-p 00000000 00:00 0
02752000-02d4d000 rw-p 00000000 00:00 0 [heap]
7fd13f461000-7fd13f565000 rw-p 00000000 00:00 0
7fd13f571000-7fd13f940000 rw-p 00000000 00:00 0
7fd13f950000-7fd13ffa9000 rw-p 00000000 00:00 0
7fd13ffda000-7fd140348000 rw-p 00000000 00:00 0
7fd14034b000-7fd140616000 rw-p 00000000 00:00 0
7fd14063c000-7fd1406fd000 r--s 00000000 ca:01 11454221 /var/db/nscd/hosts
7fd1406fd000-7fd140703000 r-xp 00000000 ca:01 18481195 /usr/local/lib/php/extensions/no-debug-non-zts-20100525/pdo_mysql.so
7fd140703000-7fd140903000 ---p 00006000 ca:01 18481195 /usr/local/lib/php/extensions/no-debug-non-zts-20100525/pdo_mysql.so
7fd140903000-7fd140904000 rw-p 00006000 ca:01 18481195 /usr/local/lib/php/extensions/no-debug-non-zts-20100525/pdo_mysql.so
7fd140904000-7fd1409bc000 r-xp 00000000 ca:01 18481200 /usr/local/lib/php/extensions/no-debug-non-zts-20100525/pdo_sqlite.so
7fd1409bc000-7fd140bbb000 ---p 000b8000 ca:01 18481200 /usr/local/lib/php/extensions/no-debug-non-zts-20100525/pdo_sqlite.so
7fd140bbb000-7fd140bc0000 rw-p 000b7000 ca:01 18481200 /usr/local/lib/php/extensions/no-debug-non-zts-20100525/pdo_sqlite.so
7fd140bc0000-7fd140bd6000 r-xp 00000000 ca:01 18481193 /usr/local/lib/php/extensions/no-debug-non-zts-20100525/pdo.so
7fd140bd6000-7fd140dd6000 ---p 00016000 ca:01 18481193 /usr/local/lib/php/extensions/no-debug-non-zts-20100525/pdo.so
7fd140dd6000-7fd140dd9000 rw-p 00016000 ca:01 18481193 /usr/local/lib/php/extensions/no-debug-non-zts-20100525/pdo.so
7fd140dd9000-7fd140ee9000 r-xp 00000000 ca:01 18612460 /usr/local/IonCube/ioncube_loader_lin_5.4.so
7fd140ee9000-7fd140fe8000 ---p 00110000 ca:01 18612460 /usr/local/IonCube/ioncube_loader_lin_5.4.so
7fd140fe8000-7fd140ff8000 rw-p 0010f000 ca:01 18612460 /usr/local/IonCube/ioncube_loader_lin_5.4.so
7fd140ff8000-7fd140ffb000 rw-p 00000000 00:00 0
Hello :) To clarify, are you attempting to block connections from your server to the WordPress servers? Would this prevent your customers from updating their WordPress installations? Thank you.